HTTPS & SSL¶
Blocked loading mixed active content¶
I’m not sure if that’s really the cause of it but when I created a letsencrypt certificate using the http-01 (due to the problems with the default one), all my web software were having a problem of`Blocked loading mixed active content.
After a few hours trying to understand why my http to https redirect didn’t work for this (I’m using a reverse-proxy where the certificate are but the .well-known is on the http only backend server so maybe that’s why there is a problem), I have found a post reminding me of the Content-Security-Policy and the upgrade-insecure-requests.
So here I am putting this code below in my apache config and all my problems are done.
Content-Security-Policy: upgrade-insecure-requests